A nearly 17-year-old is reportedly author of malware that led to Target’s data breach

Bloomberg

The Target Corp. data breach that has hurt its sales and has made many consumers skittish about using their cards has been traced to a Russian teenager who authored the malware used in the security breach, according to a cyber-intelligence firm.

IntelCrawler, based in Los Angeles, said that nearly 17-year-old Russian is a well-known programmer of malicious code in the underground world. The cyber-intelligence firm added the BlackPOS malware is an inexpensive “off the shelf” malware, which it said may also have been involved in the Neiman Marcus attack.

The company has uncovered six other breaches, including two small clothing firms in Los Angeles and four medium-sized department stores in Colorado, Arizona, New York and California, said IntelCrawler CEO Andrew Komarov in an interview, declining to specify the names of the four retailers, citing an ongoing investigation.

He said the extent of the damage and the number of retailers affected could be much larger because the malware author has close to 60 customers, several of whom were involved in the Target
/quotes/zigman/253872/delayed/quotes/nls/tgtTGT attack. IntelCrawler has partnered with law enforcement officials and Visa and Mastercard on the case and counts financial firms as its customers, Komarov told MarketWatch. He said the malware is being sold for $2,000 or 50% of the proceeds from selling compromised card information.

“He is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,” said Dan Clements, the company’s president, on its website.

IntelCrawler said BlackPOS first infected retailers’ systems in Australia, Canada and the U.S. It said the malware — which first carried the name of “Kaptoxa,” or potato in Russian slang, before being renamed — has been sold to cybercriminals in Eastern Europe and other countries, including owners of underground credit-card shops.

Separately, iSight Partners, who are working with the U.S. Secret Service, said the Kaptoxa software has potentially infected “a large number of retail information systems.”

The Target attack has potentially compromised 40 million card accounts with some 70 million shoppers’ email and other personal information also stolen from a separate system during the security breach. Neiman Marcus has said it doesn’t have a specific number of consumers being affected.

This copy is for your personal, non-commercial use only. Distribution and use of
this material are governed by our
Subscriber Agreement
and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones
Reprints at 1-800-843-0008 or visit